CODEWITHSUNDEEP
wildfly-10java-securityjavapolicy
Pathak
Pathak

Reputation: 193

Wildfly Security Manager : Permission failed for javax.management.MBeanPermission

I have My JBOSS Wildfly10 set up. I am enabling SECMGR flag in standlone.conf.bat file to true for enabling java security manager and as my war is deployed in wildfy 10 ,I am giving following permission set in standalone.xml as below and getting following error:

14:49:56,804 INFO [stdout] (ServerService Thread Pool -- 58) 2017-03-28 14:49:56,804 ServerService Thread Pool -- 58 ERROR Could not unregister MBeans for org.apac he.logging.log4j2:type=2483b420,component=Loggers,name=*,subtype=RingBuffer java.security.AccessControlException: WFSM000001: Permission check failed (permission "( "javax.management.MBeanPermission" "-#-[-]" "queryNames")" in code source "(vfs:/C:/wildfly-10.0.0.Final/standalone/deployments/mySample.war/WEB-INF/lib/log4j-core-2.5. jar )" of "null")

My Standalone.xml configuration is as below so please can anyone help me out here where I am doing wrong ?

 <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
                <deployment-permissions>
                    <minimum-set>
                        <permission class="java.lang.RuntimePermission" name="shutdownHooks"/>
                        <permission class="java.util.PropertyPermission" name="*" actions="read"/>
                        <permission class="java.lang.RuntimePermission" name="createClassLoader"/>
                        <permission class="java.lang.RuntimePermission" name="getClassLoader"/>
                        <permission class="java.lang.RuntimePermission" name="shutdownHooks"/>
                        <permission class="javax.management.MBeanServerPermission" name="createMBeanServer"/>
                        <permission class="java.lang.reflect.ReflectPermission" name="suppressAccessChecks"/>
                        <permission class="javax.management.MBeanPermission" name="registerMBean"/>
                        <permission class="javax.management.MBeanPermission" name="queryNames"/>
                    </minimum-set>
                </deployment-permissions>
            </subsystem>

Upvotes: 1

Views: 3801

Answers (2)

Pathak
Pathak

Reputation: 193

Hi James thanks for reply, I am little new to java security management as you said I have corrected the permission and referred the MBeanPermission link , It was helpful for me and that issue got fixed.

Upvotes: 0

James R. Perkins
James R. Perkins

Reputation: 17815

The queryNames and registerMBean permissions aren't quite right. The name attribute should be the name of the MBean. The registerMBeanand queryNames are actions.

It should probably look something like:

<permission class="javax.management.MBeanPermission" name="*" actions="registerMBean"/>
<permission class="javax.management.MBeanPermission" name="*" actions="queryNames"/>

You can specify the specific names or just use * as a wildcard. Have a look at the MBeanPermission for more details.

Upvotes: 1

Related Questions